• Stars
    star
    107
  • Rank 323,587 (Top 7 %)
  • Language
    Python
  • License
    MIT License
  • Created over 7 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Inferred Model-based Fuzzer

IMF: Inferred Model-based Fuzzer

IMF is a kernel API fuzzer that leverages an automated API model inferrence techinque proposed in our paper at CCS. IMF currently only supports macOS. To see how to configure and run IMF, see the followings.

Setup

Requirements

  • python2.7
  • pypy
  • clang

How to run

  1. Generate hooking library for APIs
$ ./gen-hook [output(hooking code) path]
$ clang  -Wall -dynamiclib -framework IOKit -framework CoreFoundation -arch i386\
         -arch x86_64 hook.c -o hook
  1. Collect logs
$ DYLD_INSERT_LIBRARIES=[hooking library path] [program path] [program args]
  1. Filter logs
$ ./filter-log [log dir] [output dir] [# of output(filtered log)] [# of core]
  1. Infer a model and generate a fuzzer.
$ ./gen-fuzz [filtered logs path] [output(fuzzer code) path] [# of core]
  1. Compile the fuzzer
$ clang -framework IOKit -framework CoreFoundation -arch i386 fuzz.c -o fuzz
  1. Run the fuzzer
$ ./fuzz -f [log path] -s [seed] -b [bitlen] -r [rate] -l [# of max loops]
  1. You may want to run the generated fuzzer within a while loop.

CVEs

  • CVE-2017-7159

Authors

This research project has been conducted by SoftSec Lab at KAIST.

Citing IMF

To cite our paper (pdf):

@INPROCEEDINGS{han:ccs2017,
    author = {HyungSeok Han and Sang Kil Cha},
    title = {Inferred Model-based Fuzzing},
    booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},
    year = {2017},
    pages = {2345--2358}
}

Acknowledgement

The work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT).

More Repositories

1

CodeAlchemist

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines (NDSS '19)
F#
235
star
2

Fuzzing-Survey

The Art, Science, and Engineering of Fuzzing: A Survey
JavaScript
207
star
3

Eclipser

Grey-box Concolic Testing on Binary Code (ICSE '19)
F#
148
star
4

Smartian

Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (ASE '21)
F#
139
star
5

BinKit

Binary Code Similarity Analysis (BCSA) Benchmark
Shell
132
star
6

TikNib

Binary Code Similarity Analysis (BCSA) Tool
Python
114
star
7

NTFuzz

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis (IEEE S&P '21)
F#
94
star
8

MeanDiff

Testing Intermediate Representations for Binary Analysis (ASE '17)
F#
79
star
9

GitCTF

Git-based CTF
Python
60
star
10

Ankou

Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference (ICSE '20)
Go
54
star
11

Fuzzle

Fuzzle: Making a Puzzle for Fuzzers (ASE'22)
Python
40
star
12

Reassessor

Reassembly is Hard: A Reflection on Challenges and Strategies (USENIX Security '23)
Python
30
star
13

BotScreen

BotScreen: Trust Everybody, but Cut the Aimbots Yourself (USENIX Security '23)
Python
13
star
14

Smartian-Artifact

Artifacts for Smartian, a grey-box fuzzer for Ethereum smart contracts.
Solidity
12
star
15

Eclipser-Artifact

Docker image for Eclipser
Shell
4
star
16

Fuzzle-artifact

Artifact evaluation repository for Fuzzle
C
3
star
17

MeanDiff-LifterPyVEX

Lift instruction to VEX, using PyVEX, and translate to MeanDiff's UIR
Python
2
star
18

Ankou-Benchmark

2
star
19

MeanDiff-LifterBINSEC

Lift instruction to DBA, using BINSEC, and translate to MeanDiff's UIR
OCaml
1
star
20

LLM1dFuzz

Systematic Bug Reproduction with Large Language Model (SECAI'24)
Shell
1
star
21

MeanDiff-ExternalXED

C
1
star
22

MeanDiff-LifterBAP

Lift instruction to BIL, using BAP, and translate to MeanDiff's UIR
OCaml
1
star
23

MeanDiff-DockerBaseImage

Shell
1
star